Show HN: Lume 0.2 – Build and Run macOS VMs with unattended setup(cua.ai)
128 points by frabonacci 17 hours ago | 10 comments
cmckn 13 hours ago
I tried to set up a macOS VM recently so I could run an old version of iTunes to manage my iPods. I found it nearly impossible to even download an installer for older versions of the OS, and could never get it working. Where can one acquire an IPSW for, say, macOS Mojave? My understanding is this is not the same thing as the “Install macOS.app”?
CharlesW 7 hours ago
I like to use MIST (macOS Installer Super Tool) to grab old macOS versions: https://github.com/ninxsoft/Mist

Apple also provides instructions for downloading many older macOS versions via your terminal: https://support.apple.com/en-us/102662#terminal

frabonacci 6 hours ago
Nice, thanks for sharing! It'd be interesting to integrate MIST into lume's ipsw command - right now Apple's native features in Apple Vz only provides download links for the latest supported version of the host, so grabbing older versions requires workarounds like this.
samtheprogram 13 hours ago
For a version of macOS that old, you’d probably want a dmg, which you can create with createinstallmedia if you have the Install macOS.app. Not sure if it’s supported with Lume as it’s the first time I’ve heard of it.
illithid0 12 hours ago
I was trying to do something similar last year and gave up because it felt futile. That said, it was the push I needed to try Rockbox, and I haven't looked back. Managing things via the file system is really nice.
cmckn 10 hours ago
I started on my Linux box and despite many apps claiming to support iPods, none would actually work. I ended up getting an old Mac mini running again and I’m using that for now. I’ve never given Rockbox a good look, I should check it out.
LoganDark 13 hours ago
Mojave never was an IPSW, because it never ran on Apple Silicon. I imagine this tool might just not support that at all.
frabonacci 12 hours ago
LoganDark is right. I've personally never tried, and don't think it'd be easy for any macOS predating Apple Virtualization Framework. For that you'd need something like UTM since they're relying on QEMU - these configs might help: https://github.com/adespoton/utmconfigs
cmckn 11 hours ago
Ahh I see. UTM was what I was trying, so I’ll give those a look! Thanks
JimDabell 3 hours ago
> We built a VNC + OCR system that clicks through macOS Setup Assistant automatically.

You can automate at least some of this with `defaults write` commands or copying files to the right places. If you look at what some existing MDM platforms do you should be able to do this a lot more efficiently.

frabonacci 3 hours ago
MDM platforms can skip Setup Assistant, but they require the device to be pre-enrolled in Apple Business Manager before first boot - VMs can't be enrolled in ABM, so those hooks aren't available.

defaults write only works after you have shell access, which means Setup Assistant is already done.

There are tools that modify marker files like .AppleSetupDone via Recovery Mode, but that's mainly for bypassing MDM enrollment on physical Macs - you'd still need to create a valid user account with proper Directory Services entries, keychain, etc.

The VNC + OCR approach is less elegant but works reliably without needing to reverse-engineer macOS internals or rely on undocumented behaviors that might break between versions.

saagarjha 20 minutes ago
Surely your VNC script is guaranteed to break between versions
pjmlp 1 hour ago
This at least feels more natural than writing Swift scripts.
JSR_FDED 7 hours ago
Looked at Lume before and it was already very impressive then. For this unattended use case this looks amazing.

Slight tangent - do the VMs have decent graphics performance? I live in fear of one day accidentally pressing the Update button and being forced into the GUI mess that is Tahoe. Knowing I could just use a VM with Sequioa as my primary desktop would dramatically lower my anxiety.

frabonacci 6 hours ago
Thanks! On graphics - currently it's paravirtualized via Apple's Virtualization Framework, so basic 2D acceleration but no GPU passthrough. Fine for desktop use, web browsing, coding, productivity apps. Wouldn't recommend it for anything GPU-intensive though.

Good news is there are hints of GPU passthrough coming (_VZPCIDeviceConfiguration symbol appeared in Tahoe's Virtualization framework), so that might land in a future macOS release. We're keeping an eye on it.

abrookewood 9 hours ago
"We built a VNC + OCR system that clicks through macOS Setup Assistant automatically" - that is both awesome and annoying. I guess I assumed that Apple supported some form of unattended setup.
frabonacci 9 hours ago
Yeah, Apple intentionally provides no unattended setup. Plus any process trying to control the UI programmatically needs explicit accessibility permissions, which defeats the purpose.

So we just click through like a human would via VNC. Version-specific but works with their security model rather than against it.

fartfeatures 9 hours ago
How does this compare to something like Tart and shapehq/tartelet
frabonacci 9 hours ago
Both use Apple's Virtualization Framework, so core VM performance is similar. Main differences are around agent-first design (HTTP API, MCP server), unattended setup via VNC + OCR, and registry support for VM images.

We've also built a broader ecosystem on top - the Cua computer and agent framework for building computer-use agents: https://cua.ai/docs

We went through the comparison with Tart, Lima etc here: https://github.com/trycua/cua/issues/10

fartfeatures 8 hours ago
Thanks for answering, makes sense.

Not seeing any reference to Tart at that link. Tart also has registry support for VM images it treats them very much like Docker images, is that what you are doing too?

Is it worth putting a comparison up somewhere other than a Github thread? Seems to be a frequently asked question at this point.

Also worth drawing attention to Tart being source available not open source.

frabonacci 6 hours ago
Thanks for the feedback! You're right that a proper comparison page beats hunting through GitHub issues.

We just put one together (with some help from Claude Code, naturally): https://cua.ai/docs/lume/guide/getting-started/comparison

fartfeatures 5 hours ago
Thanks much appreciated, the "Registry Support" section is weird though. Isn't GHCR an instance of an OCI registry? The when to choose Loom in the Tart section should also mention licensing, it is relevant at the choosing point.
frabonacci 5 hours ago
Good catches, thanks! Just updated the page:

Fixed the registry description—you're right, GHCR is an OCI registry. Both tools use OCI-compatible registries, we just default to GHCR/GCS.

Added licensing to the "when to choose" sections.

ahmadyan 12 hours ago
I believe this is using Virtualization.framework and not Containerization API from Tahoe, right?

Is there a limit on number of instances you can have per physical mac? i recall there was a hard limit of 2 because of EULA, unless Apple has changed it. (Cupertino really likes to sell you their Macs)

frabonacci 12 hours ago
Correct, Containerization APIs are Linux VMs specific.

There's a kernel-level check in the Hypervisor framework that enforces the 2 VM limit, and bypassing it violates Apple's EULA.

Nice technical deep-dive on the how here: https://khronokernel.com/macos/2023/08/08/AS-VM.html

whinvik 15 hours ago
Sorry for the naive question but specifically for running Claude on a sandbox, why do people decide to use lume as opposed to running it on Docker?
frabonacci 15 hours ago
Docker on Mac runs Linux containers inside a Linux VM - you can't run macOS in Docker. So if you need Claude / Codex / OpenCode to interact with:

- macOS GUI apps (Xcode, Numbers, Safari, etc.) - macOS desktop automation (screenshots, mouse/keyboard input, accessibility APIs) - macOS CI/CD (building iOS/macOS apps, running XCTest)

...you need an actual macOS VM, which is what Lume provides.

fishtacos 14 hours ago
I wonder what the additional layer of virtualization changes with respect to this in a project like this one: https://github.com/dockur/macos

The unattended setup is a large improvement, which also begs the question: Mac OS doesn't have an unattended.xml alternative for its installer?

frabonacci 13 hours ago
re: https://github.com/dockur/macos

A closer comparison here is Lumier, which provides a "Docker-like" interface to spin up VMs with a noVNC server: https://cua.ai/docs/lume/guide/advanced/lumier/docker

The key difference: dockur/macos uses QEMU+KVM, which only works on Linux hosts. It can't run on macOS hardware since Apple doesn't expose KVM. See: https://github.com/dockur/macos/issues/256

happyopossum 14 hours ago
macOS has unattended setup options via MDM or Apple Configurator…
easton 13 hours ago
Can you do zero touch without having an Apple Business account (so, a DUNS number) and a MDM?

I thought this was a silly way to do it too, but upon reflection I don’t know if you can zero touch setup a Mac without registering a device in DEP.

frabonacci 12 hours ago
re: unattended setup.

You're both right - Apple's official zero-touch setup requires MDM + DEP, which needs Apple Business Manager (and yes, a DUNS number).

But for VMs specifically, DEP doesn't work anyway - VMs don't have real serial numbers that can be enrolled in Device Enrollment Program.

VNC-based setup automation is the only practical option - it's what the ecosystem has converged on for macOS VMs. Lume connects to the VM's VNC server and programmatically tabs, clicks, types through Setup Assistant.

arianvanp 11 hours ago
I wish the virtualization framework would allow you to simulate your own MDM stuff. Would be very useful for integration testing MDM implementations themselves...
eptcyka 12 hours ago
How is the networking? Tart broke networking in Tahoe. Would love to see this work, setting up base images has always been a massive pain.
frabonacci 12 hours ago
We haven't observed any networking degradation with Lume on Tahoe so far - things have been working smoothly in our testing. Give it a try and let us know if you run into any issues!
fkorotkov 2 hours ago
Can you elaborate on what got “broken” on Tahoe?
frabonacci 16 hours ago
[dead]